Hey friend! Have fun exploring Q&A, but in order to ask your own
questions, comment, or give thumbs up, you need to be logged in to your
Moz Pro account.
You can also earn access by receiving 500
MozPoints
from participating in YouMoz and the Moz Blog!

Copied Website

My Google Local rankings (http://www.petmedicalcenter.com) have completely vanished within the last two weeks. I noticed that a website - http://justinchina.co.uk - has copied our entire website. Every time I make an update to the site, that webpage updates as well. I have taken the steps to block a couple IP addresses that seem to be coming from the domain/host. Could this be creating problems for our rankings?

Any recommendations on how to get this website removed? Should I use Google's disavow tool?

9 Responses

Wow, this is quite the pickle. The good news is that you are correct that justinchina.co.uk is causing your issues; the bad news is that it looks like your site's been hacked. Okay, first take a deep breath and have a *hug*. I've been there, and it sucks. But let's work through this. (I'm going to link to some resources as I'm not sure where you are in your SEO knowledge journey.)

Right now, your site www.petmedicalcenter.com is being 301 redirected (a permanent redirect and the source of why your rankings dropped) to justinchina.co.uk, which is giving a 200 or okay code. (Google is probably a bit confused as your WordPress SEO plug-in is showing www.petmedicalcenter.com as the rel=canonical page, which is in your favor.)

First, to completely verify that you've been hacked, I need you to go to your .htaccess file. This file is located at http://www.petmedicalcenter.com/.htaccess and currently blocked from my outsider view. I'm pretty certain in there, you'll see the code that's 301'ing it to justinchina.co.uk. You'll need to remove this code, just don't do it yet as we need to stop the hacker first. Since you've been able to log into the WordPress, the hacker hasn't change your passwords and such. (I highly recommend backing up your entire site so you have a copy before you do anything else!)

When I was digging into your site, I believe that your GoDaddy account was hacked and the 301 redirect was created that way, instead of your site being hacked. The reason I believe this is is because the IP on both your site and the duplicate are the same. This means that whomever is behind justinchina.co.uk has taken control of your domain too. I've attached screenshots, but you can look at the live data: http://who.is/whois/justinchina.co.uk and http://who.is/whois/petmedicalcenter.com. It's highly likely that the information for JustinChina is fake information.

First, you need to see if you can log into GoDaddy using your current credentials. If you can, you need to go into your account information and verify that your information is correct (email address, billing address, phone, etc.). If it not, you need to update it before you start doing anything else. (Don't send your password reset to the hacker's email!) Then you need to change your GoDaddy password. Next you need to contact GoDaddy and get your domain back. (I assume you also hosted with GoDaddy since that's where it's registered through.)

Where you might run into a problem is if your GoDaddy log-in doesn't work. Then you need to go directly to GoDaddy and give them all the information about who you are and what's happened to your site. If you are in this situation, you are at the mercy of GoDaddy's customer support to get your domain back.

Once GoDaddy gives you control back of your domain, then make sure to change all your WordPress or other domain-related passwords. (If you are using your GoDaddy log-in password for anything else, make sure to change it too!) Then go and remove that 301 redirect in the .htaccess file. And then make sure your WordPress, WordPress plug-ins, and WordPress themes are completely updated.

I took a look at your site's code, and I couldn't see any malicious code inserted into your site. The good news is that it looks like a pretty clean hack into your GoDaddy account and a 301 redirect, so once you have your domain back, there's less to do. But I do recommend going over your code with a fine-tooth comb, just in case.

Your rankings should recover over time. Unfortunately, it will just take time, but you can use it as a benchmark that everything's going good with your site.

I hope this helps you start cleaning up this mess and wish you the very best on sorting this out. Please let us know how it goes.

THANK YOU THANK YOU THANK YOU! I would have had no idea where to start if it wasn't for your response!

Going off of what you said, I checked the HTACCESS in the root directory and it doesn't appear to be anything in there that is redirecting to the justinchina website. Secondly, the domain is through GoDaddy, hosting through Host Monster, and email through Yahoo Business. So at this point it just seems like a need in a haystack.

Would it be best to just do a clean install of everything on the website? This is very overwhelming!

THANK YOU THANK YOU THANK YOU! I would have had no idea where to start if it wasn't for your response!

Going off of what you said, I checked the HTACCESS in the root directory and it doesn't appear to be anything in there that is redirecting to the justinchina website. Secondly, the domain is through GoDaddy, hosting through Host Monster, and email through Yahoo Business. So at this point it just seems like a need in a haystack.

Would it be best to just do a clean install of everything on the website? This is very overwhelming!

So there are several ways you can do a 301 redirect. .Htaccess is just the most common and best practiced. (Hackers don't need best practices, I guess.) Since it's not there, it's likely that they've done it directly in their GoDaddy interface. They'd be using the domain forwarding and masking feature in GoDaddy's interface. The good news is since your hosting is separate, you really just need to reclaim your domain. (Though I'd reset all the passwords everywhere!)

The process I outlined above still should be what you do, just without having to mess with .htaccess files. GoDaddy is going to be the only one who can give you back your domain, which will as consequence either remove the 301 or give you the control to do so.

One thing I was thinking about this morning is that when you've been updating your site since the hack, if you're doing it through the WP interface, you're actually updating the files on JustinChina due to the 301s. So any recent changes you've made are most likely not showing in your Host Monster files. You'll want to make sure to keep those efforts to plug them back into your site.

I don't think you'll need to do a clean install of everything as it looks like it was a domain hijack, not a hack into the code of your site. But everything's always worth double-checking.

So I have spoken to both Host Monster and GoDaddy. Host Monster says that the justinchina.co.uk domain has their A Record pointing to Host Monster (our website) - is that the same as domain forwarding and masking?

The most frustrating part is that Host Monster says it is GoDaddy that needs to fix it and GoDaddy says they can't do anything about it and the host is responsible.

It seems that justinchina.co.uk was previously hosted on host monster which is our host. This year we signed up for the pro package that got us a dedicated IP address. The same IP address that justinchina had. Their domain on godaddy was still pointing to that IP address which is now ours. So now host monster is currently trying to fix it. Anyway just thought I would update you both.

I am glad that the website wasn't hacked and am hopeful that this was the cause for the loss in rankings. Thanks again for your help!

Sucks to hear that they screwed up, but yay for not being hacked! Wow, you learn something new every day. I'm glad that things are getting sorted out, and you should definitely start seeing recovering in your rankings.

I was in a similar situation. I noticed a website is resolving my server IP address and hence duplicating all my content from my main domain. So I added a Google verification file to my maindomain.com . Then added duplicatedomain to my WMT and verified using same google verification file. The duplicate domain got verified. I submitted a request in WMT to remove all content from Google index. Let us see will see if there is any impact to the ranking.

Hey friend! Have fun exploring Q&A, but in order to ask your own
questions, comment, or give thumbs up, you need to be logged in to your
Moz Pro account.
You can also earn access by receiving 500
MozPoints
from participating in YouMoz and the Moz Blog!
Learn more.